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(57) ABSTRACT 

A system and method for providing telephony communica- 
tion through a packet switched data network such as the 
Internet and an organization having telephone and computer 
terminals connected to a local area network. Selectable 
security is provided for the telephony applications through 
the use of an access gateway between the local, area network 
and the packet switched data network operating in conjunc- 
tion with an intelligent control network in a public switched 
telephone network. The access gateway includes storage and 
a processor for storing security data and running selectable 
applications based on pre-conditions established for the 
telephone terminals. Information is obtained from a party 
seeking to connect to a telephone terminal connected to the 
local area network both by dialing and by voice prompt and 
voice recognition dialog. 

24 Claims, 9 Drawing Sheets 
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SECURE LAN/INTERNET TELEPHONY 

FIELD OF THE INVENTION 

The present invention relates to telephony over a public 
packet switched data network such as the Internet to and 
from a multi-site industrial/business establishment having a 
local area network linking the sites and serving as a link to 
the public packet switched data network through a localized 
gateway system. 
Acronyms 

The written description uses a large number of acronyms 
to refer to various services and system components. 
Although generally known, use of several of these acronyms 
is not strictly standardized in the art. For purposes of this 
discussion, acronyms therefore will be denned as follows: 



ADPCM 


Adaptive Differential Pulse Code Modulation 


ARPA 


Advanced Research Projects Agency 


ARPANET 


Advanced Research Projects Agency NETwork 


AS 


Autonomous Systems 


ATM 


Asynchronous Transfer Mode 


CDMA 


Code Division Multiple Access 


CO 


Central Office 


CODEC 


digital CODer and DECoder 


CPU 


Central Processing Unit 


CREN 


Corporation for Research and Educational 




Netwo rlong 


DBCP 


Dynamic Host Configuration Protocol 


DID 


Direct Inward Dialing 


DNS 


Domain Name Server 


DTMF 


Dual Tone Multi-Frequency 


FDDI 


Fiber Distributed Data Interface 


GAO 


Government Accounting Office 


IP 


Internet Protocol 


ISDN 


Integrated Services Digital Network 


ISP 


Internet Service Provider 


LAN 


Local Area Network 


MAC 


Media Access Control 


MILNET 


Military NETwork 


NSFNET 


National Science Foundation NETwork 


PC 


Personal Computer 


PABX 


Private Automatic Branch Exchange 


PBX 


Private Branch Exchange 


POTS 


Plain Old Telephone Service 


PPP 


Point to Point Protocol 


PRE 


Primary Rate Interface (for ISDN) 


PSTN 


Public Switched Telephone Network 


RAM 


Random Access Memory 


ROM 


Read Only Memory 


TCP 


Transmission Control Protocol 


SONET 


Synchronous Optical NETwork 


SMDS 


Switched Megabit Data Service 


SMDI 


Simplified Message Desk Interface 


Tl 


Digital Transmission Link with 1.544 Mbps 




Capacity (24 voice channels) 


T3 


Digital Transmission Link with 44.73 Mbps 




Capacity (672 voice channels) 


TDMA 


Time Division Multiple Access 


X.25 . 


Protocol Providing Direct Connection to a 




Packet Switched Network 
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BACKGROUND ART 

Attention recently has been directed to implementing a 
variety of communication services, including voice tele- 
phone service, over the worldwide packet switched data 60 
network now commonly known as the Internet. The Internet 
had its genesis in U.S. Government programs funded by the 
Advanced Research Projects Agency (ARPA). That research 
made possible national interne two rked data communication 
systems. This work resulted in the development of network 65 
standards as well as a set of conventions, known as 
protocols, for interconnecting data networks and routing 



information across the networks. These protocols are com- 
monly referred to as TCP/IP (transmission control protocol/ 
internet protocol). The TCP/IP protocols were originally 
developed for use only through ARPANET but have subse- 
quently become widely used in the industry. TCP/IP is 
flexible and robust. TCP takes care of the integrity, and IP 
moves the data. 

The Internet provides two broad types of services: con- 
nectionless packet delivery service and reliable stream trans- 
port service. The Internet basically comprises several large 
computer networks joined together over high-speed data 
links ranging from ISDN to Tl, T3, FDDI, SONET, SMDS, 
ATM, OT1, etc. The most prominent of these national nets 
are MILNET (Military Network), NSFNET (National Sci- 
ence Foundation NETwork), and CREN (Corporation for 
Research and Educational Networking). In 1995, the Gov- 
ernment Accounting Office (GAO) reported that the Internet 
linked 59,000 networks, 2.2 million computers and 15 
million users in 92 countries. However, since then it is 
estimated that the number of Internet users continues to 
double approximately annually. 

In simplified fashion the Internet may be viewed as a 
series of packet data switches or ' routers' connected together 
with computers connected to the routers. The information 
providers constitute the end systems which collect and 
market the information through their own servers. Access 
providers are companies such as UUNET, PSI, MCI and 
SPRINT which transport the information. Such companies 
market the usage of their networks to the actual end users. 

FIG. 9 shows a simplified diagram of the Internet 349 and 
various types of systems typically connected thereto. Gen- 
erally speaking the Internet consists of Autonomous Systems 
(AS) type packet data networks which may be owned and 
operated by Internet Service Providers (ISPs) such as PSI, 
UUNET, MCI, SPRINT, etc. Three such AS/ISP networks 
appear in FIG. 9 at 310, 312 and 314. The Autonomous 
Systems (ASs) are linked by high bandwidth Inter- AS 
Connections 311, 313 and 315. Information providers 316 
and 318, such as America Online (AOL) and Compuserve, 
connect to the Internet via high speed lines 320 and 322, 
such as T1/T3 and the like. Information providers generally 
do not have their own Internet based Autonomous Systems 
but have or use Dial-Up Networks such as SprintNet (X.25), 
DATAPAC and TYMNET. 

In some cases, the information provider 316 or 318 
operates a host server or network of servers that their 
customers access by dial-up connection. If a customer wants 
information over and above that offered by the provider, the 
host server provides a tunnel connection through to the high 
speed link and the Internet 349. Other parties may connect 
into the network 349 at some other point and access infor- 
mation offered by provider 316 or 318 through the network 
349. 

By way of current illustration, MCI is both an ISP and an 
information provider, SPRINT is an ISP, and the MicroSoft 
Network is an information provider using UUNET as its ISP. 
Other information providers, such as universities, are indi- 
cated in exemplary fashion at 324 and are connected to the 
AS/ISPs via the same type connections here illustrated as Tl 
lines 326. Parties access information on servers of providers 
324 via the Internet 349. Corporate Local Area Networks 
(LANs), such as those illustrated in 328 and 330, are 
connected through routers 332 and 334 and high speed data 
links such as Tl lines 336 and 338. Laptop computers 340 
and 342 are representative of various personal computers 
and the like connected to the Internet via the public switched 
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telephone network (PSTN) and are shown connected to the 
AS/ISPs via dial up links 344 and 346. 

Recently, several companies have developed software for 
use on personal computers to permit two-way transfer of 
real-time voice information via an Internet data link between 
two personal computers, for example between PCs 340 and 
342. In one of the directions, the sending computer converts 
voice signals from analog to digital format. The software 
facilitates data compression down to a rate compatible with 
modem communication via a POTS telephone line, in some 
cases as low as 2.4 kbits/s. The software also facilitates 
encapsulation of the digitized and compressed voice data 
into the TCP/IP protocol, with appropriate addressing to 
permit communication via the Internet 349. At the receiving 
end, the computer and software reverse the process to 
recover the analog voice information for presentation to the 
other party. These programs permit telephone-like commu- 
nication between Internet users. 

PCs having voice communication capabilities can con- 
duct two-way, real-time audio communicatioas with each 
other, in a manner directly analogous to a two-way telephone 
conversation. However, the actual signals exchanged 
between two such terminal devices go through the public 
packet data network. Typically, such communications at 
least bypass long distance interexchange carriers. 

Internet based telephone programs have relied on servers 
(not separately shown) coupled to the Internet to establish 
voice communication links through the networks. Each 
person active on the network, who is willing to accept a 
voice call, must register with a server A calling party can 
call only those persons registered on the voice communica- 
tion server. 

Subsequent new developments have provided systems 
which are capable of avoiding such registration problems. 
The common assignee's copending White and Farris appli- 
cation Ser, No. 08/670,908, attorney docket number 680- 
184, filed Jun. 26, 1996, entitled Internet Telephone service, 
describes such a system and is incorporated by reference 
herein in its entirety. In that system Public switched tele- 
phone networks utilizing program controlled switching sys- 
tems are arranged in an architecture with the Internet to 
provide a methodology for facilitating telephone use of the 
Internet by individual customers on an impromptu basis. 
Provision is made to permit a caller to set-up and carry out 
a telephone call over the Internet from telephone station to 
telephone station without access to computer equipment, 
without the necessity of maintaining a subscription to any 
Internet service, and without the requiring Internet literacy 
or knowledge. Calls may be made on an inter or intra LATA, 
region or state, nationwide or worldwide basis. Billing may 
be implemented on a per call, timed, time and distance or 
other basis. Usage may be made of common channel inter- 
office signaling to set up the call and establish the necessary 
Internet connections and addressing. Calls may be made 
from telephone station to telephone station, from telephone 
station to computer or computer to telephone station. 

The foregoing approach to Internet telephony is predomi- 
nantly but not exclusively addressed to individual to indi- 
vidual communications. From a corporate or business stand- 
point the Internet is currently used principally for E-mail and 
data communication, the latter use providing a convenient 
mode of exchanging large data files. At the same time voice 
communication over corporate LANs and interconnection 
thereof by wide area networks (WANs) are known. 

U.S. Pat. No. 4,866,704 to Larry A. Bergman, issued Sep. 
12, 1989, entitled Fiber Optic Voice/Data Network, 



20 



25 



describes an asynchronous, high-speed, fiber optic local area 
network originally developed under a NASA contract for 
tactical environments. The network supports ordinary data 
packet traffic simultaneously with synchronous Tl voice 
traffic over a common token ring channel. A voice interface 
module parses, buffers, and re-synchronizes the voice data to 
the packet network employing elastic buffers on both the 
sending and receiving ends. Voice call setup and switching 
functions are performed external to the network with ordi- 
nary PABX equipment. Clock information is passed across 
network boundaries in a token passing ring by preceding the 
token with an idle period of non-transmission which allows 
the token to be used to re-establish a clock synchronized to 
the data. Provision is made to monitor and compensate the 
elastic receiving buffers so as to prevent them from over- 
flowing or going empty. 

U.S. Pat. No. 5,453,987 to Hai V. Tran, issued Sep. 26, 

1995, entitled Random Access Protocol for Multi-media 
Networks, describes a method for randomly accessing a 
multi-media communications network defined by a common 
signal path and a plurality of voice and data terminals 
coupled to the common signal path for communication 
thereon. The method includes a first step of providing a 
plurality of sequential time slots for transmission of a 
plurality of information packets, each of the information 
packets having a length equal to a length of a representative 
one of the plurality of time slots. Next, each of the time slots 
is provided with an access field, an address control field and 
an information field. The access field of each of the plurality 
of time slots is next monitored for identifying a null time slot 
that is (1) in non-communication with any of the voice or 
data terminals, or (2) reserved for a voice terminal in a 
silence period. The next step of the method is to transmit a 
preamble to an access field of the identified null time slot. 
That transmission step is followed by the step of monitoring 
the transmission of the preamble for collisions between 
terminals competing for the identified null time slot. If no 
collision is detected, address data and information bits are 
transmitted in the respective fields of the identified null time 

40 slot and a respective time slot in subsequent data frames. If 
a collision is detected, then the method returns to the step of 
monitoring the access field of each of a plurality of time slots 
for identifying another null time slot, and then repeating the 
steps which are subsequent thereto. 

U.S. Pat. No. 5,524,110 to Danneels, et al., issued Jun. 4, 

1996, entitled Conferencing Over Multiple Transports, 
describes computer based audio/video conferencing in con- 
junction with data conferencing in a windowed environment 
The system provides real-time audio, video, and data con- 
ferencing between PC systems operating in non-real time 
windowed environments over two or more different trans- 
ports. 

The following listed patents also deal with varying 
aspects of the same technology: U.S. Pat. No. 4,663,758, 
issued May 5, 1987, U.S. Pat. No. 5,506,834, issued Apr. 9, 
1996, U.S. Pat. No. 5,410,754, issued Apr. 25, 1995, U.S. 
Pat. No. 5,430,730, issued Jul. 4, 1995, and U.S. Pat. No. 
5,375,068, issued Dec. 20, 1994. 

There is a need for a system to provide to corporate and 
other large sized business organizations a convenient access 
to Internet telephony communication, while at the same time 
providing a reasonable degree of effective security along 
with convenience of access and administration. 
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DISCLOSURE OF THE INVENTION 

It is a primary object of this invention to satisfy the 
aforestated needs. 
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In one preferred embodiment the invention meets those 
needs by providing a novel arrangement of a localized 
security and address administration telephony gateway to 
the Internet for an industrial complex that comprises mul- 
tiple office or plant sites linked by a conventional local area 5 
network or LAN. By way of illustration this may be an 
Ethernet LAN. Each site has work station computers con- 
nected to the LAN for data communications and has con- 
ventional PBX or PABX telephone service to work stations 
and telephone stations. 10 

In this first embodiment, intra-company telephone service 
is provided via the multi-site PBX network which are linked 
by a public switched telephone network (PSTN). This net- 
work also provides a telephone link to the global commu- 
nity. 15 

In addition to this conventional telephone service there is 
also provided an alternative Internet service to the same 
telephone stations. Through this Internet service it is pos- 
sible to communicate with the global community without 
using the PSTN, at least in that portion of the communica- 20 
tion link extending from the company telephone stations to 
the distal side of the Internet. If the remote party to the 
communication has a non-PSTN link to the Internet, all 
PSTNs may be by-passed. In this first arrangement the 
company telephone stations or terminals connect to the PBX 25 
and via the PBX to the company LAN. In this context the 
terms PBX and PABX are used interchangeably. The LAN 
is connected to a localized security and address administra- 
tion telephony gateway and from there to the Internet 
through an Internet router. The localized access and security 30 
gateway provides the desired security. 

It will be recognized that 'security' is a relative term. A 
secure network does not exist; nor does a secure computer. 
The Trusted Computing Standards Evaluation Criteria (also 35 
known as the Orange Book), established by the United 
States Department of Defense, concludes that one cannot 
simply say that a computer is secure or not secure. Instead, 
it indicates that different levels of security can be assigned 
to "grade" the security of an operating system. According to 4Q 
that grading system four different levels of security are 
represented by letters ranging from A to D. Within each level 
of security, a number can be used to subdivide the level 
further, as in Al, A2, and so on. 

Security, inherently, makes it harder to enter a system by 45 
providing additional locks that users must pass. 
Unfortunately, legitimate users must pass those locks as 
well. Every security measure installed creates more work for 
someone. The TCP/IP protocol represents a security risk 
simply because it enables remote users to access files and 50 
data on machines other than their own. Aside from that, it 
offers a number of features designed to make using the 
protocol easier for users. Unfortunately, some of these open 
additional security loopholes. 

The present invention addresses those problems using 55 
multiple approaches basically relying on address adminis- 
tration and segmentation, with a goal of providing what is 
considered to be reasonable security for the intended pur- 
pose. The basic building block in the inventive approach 
uses in conjunction with the network architecture a localized 60 
access and security gateway which has bridge and router 
capabilities. As such it has the ability to perform filtering 
functions. 

One element of security which is relied upon is a hard- 
ware address filter table. This address filter may be applied 65 
to either or both incoming or outgoing addresses. Where it 
is desired that no one outside of a particular segment of the 
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business network can access a server in that segment, the 
hardware address of that server may be included in the filter 
table. Where it is desired that outside access be denied to 
specific work stations or telephones, those hardware 
addresses may be included in the filter table. Filtering may 
occur at various levels of addressing. Thus servers or 
individual stations may not only be identified in hardware 
address tables, but also in IP and/or LAN protocol address 
tables. Also, if it is desired to limit certain workstations 
within the business network from accessing resources out- 
side their local segments, the hardware addresses of those 
work stations may be included in a filter table. It is intended 
that multiple layers of inclusion and/or exclusion tables may 
be utilized. 

It is an important feature of the invention that the physical 
or MAC addresses as well as the IP addresses of the business 
network telephone terminals be maintained confidential, 
except to the extent that authorized employees or personnel 
see fit to provide that information to outsiders. 

A further layer of security may be provided by utilizing 
the ability of the bridge/router to filter frames by protocols. 
The bridge/router may be programmed to pass only the 
specific telephony protocol packets and block other packets. 
In this manner outsiders are blocked from using the tele- 
phony entry for the purpose of unauthorized access to 
internal data resources. As a still further safeguard, the 
gateway may be provided with the ability to compare the 
identity of the calling outside station to a table of allowed 
stations before passing the call on for further processing. In 
this manner specific callers or classes of callers may be 
blocked by the gateway. 

Another aspect of the inventive solution to the defined 
problem is the assignment of internal telephone station 
addresses in conjunction with one or more translation tables 
in the gateway to provide the desired degree of security. 
According to this feature, the internal telephone stations to 
which access is permitted via Internet telephony, are listed 
in the translation tables under numbers not comporting with 
existing hardware or IP addresses. In one preferred instance 
this may comprise an address or preferably a telephone 
number for the localized access and security gateway, in 
addition to an address which may be based on the internal 
company extension number for the specific telephone ter- 
minal. The terminal may not be reached via the Internet for 
telephony communication in a direct manner using any 
single address. The terminal may be reached for such a 
purpose only by first reaching the centralized access gate- 
way and providing to that gateway designated additional 
information. The receipt of this information will result in the 
gateway using its translation and filter tables in a novel 
manner to effect a connection to the telephone station. In this 
first example that connection would be via a LAN interface 
to a PBX. 

According to a second example or embodiment, digital 
telephone terminals may be utilized and connected directly 
to the LAN. Using that arrangement the PBXs may be 
eliminated. The LAN is connected via one or more LAN 
interfaces to wire line carrier (Tl, T2, T3) links and thence 
to one or more switching systems in the PSTN. The LAN 
interfaces include a LAN media access control (LAN-MAC) 
and physical interface, a LAN transmission control protocol 
and Internet control stack, a protocol converter, a connection 
controller and signal transform subsystem, and a wire fine 
carrier interface. 

Additional objects, advantages and novel features of the 
invention will be set forth in part in the description which 
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follows, and in part will become apparent to those skilled in 
the art upon examination of the following, or may be learned 
by practice of the invention. The objects and advantages of 
the invention may be realized and attained by means of the 
instrumentalities and combinations particularly pointed out 5 
in the appended claims. 

FIGURES OF DRAWINGS 

FIG. 1 is a high level block diagram showing the rela- 
tionship of a localized security and address administration 10 
gateway connected to a LAN linked plurality of sites to 
provide to those sites access to a global telephony link via 
the public data network known as the Internet in accord with 
one embodiment of the invention. 

FIG. 2 shows in simplified block diagram form a depic- 15 
tion of a typical switched telephone network having an 
Advanced Intelligent Network (AIN) common channel 
interoffice signaling system (CCIS). 

FIG. 3 is a block diagram of a program controlled switch 2Q 
of the type which may be used in the switched telephone 
network of FIG. 2. 

FIG. 4 illustrates one embodiment of an Intelligent 
Peripheral (IP) platform that may be used in the switched 
telephone network of FIG. 2. 25 

FIG. 5 illustrates another embodiment of an Intelligent 
Peripheral (IP) platform that may be used in the switched 
telephone network of FIG. 2. 

FIG. 6 is a simplified block diagram of a preferred 
embodiment of access and security gateway to provide 30 
public packet switched data network, such as the Internet, 
telephony service to the business establishment shown in 
FIG. 1. 

FIG. 7 is a simplified illustration of an example of one 
possible organization of software for the address server or 35 
address and security gateway illustrated in FIG. 6. 

FIG. 8 is a high level block diagram showing another 
embodiment of a localized security and address administra- 
tion gateway connected to a LAN linked plurality of sites to 
provide to those sites access to a global telephony fink via 
the public data network known as the Internet. 

FIG. 9 is a functional block diagram illustration of the 
public packet data network known as the Internet. 

BEST MODE FOR CARRYING OUT THE 45 
INVENTION 

Referring to FIG. 1 there is shown a high level block 
diagram showing the relationship of a localized security 
gateway connected to a LAN linked plurality of sites to 50 
provide to those sites access to a global telephony fink via 
the public data network known as the Internet, according to 
one embodiment of the invention. 

There is shown at 10 two sites A and B of a business 
establishment which may have additional sites which are not ss 
shown. The sites A and B may be relatively contiguous or 
may be remote, as in different states. Each site is provided 
with conventional telephone service by a PSTN 12. The two 
sites are shown connected to the PSTN via lines or trunks 14 
and 16 which connect to central offices (COs) 18 and 20. In 60 
the drawing the COs 18 and 20 are shown as end offices 
which serve individual subscriber telephones 22A, B, and C, 
and 24A, B, and C. Hie COs are of the type having service 
switching point (SSP) capability as is presently further 
explained. 65 

The PSTN 12 is preferably of the type having an 
Advanced Intelligent Network (AIN) control system. A 
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public telecommunications network of that type is shown in 
FIG. 2. The network shown in FIG. 2 is similar to that shown 
in U.S. Pat No. 5,247,571 to Kay et al., the disclosure of 
which is incorporated in its entirety by reference. The 
program-controlled nodes or switching systems are some- 
times referred to as "AIN nodes" or "AIN elements". The 
telephone network of FIG. 2 includes a switched traiEc 
network and a common channel signaling network used to 
carry control signaling and the like between nodes of the 
switched traffic network. 

The network of FIG. 2 includes a number of end office 
switching systems 110, also referred to as service switching 
points (SSPs) for reasons discussed later herein. The end 
office switching systems 110A and HOB provide connec- 
tions to and from local communication lines (local loops) 
coupled to end users terminals or equipment. 

The end offices 110 are typically connected into a local 
exchange carrier (LEC) network, typically including one or 
more tandem switching offices 112 providing trunk connec- 
tions between end offices. As such, the local exchange 
carrier network comprises a series of switching offices 110 
interconnected by voice grade trunks 114. As known in the 
art, one or more trunks will typically connect one or more 
switching offices to at least one switch in other carrier 
networks (not shown). 

Each switching office 110 has at least minimal SS7 
signaling capability, which is conventionally referred to as a 
signaling point (SP) in reference to the SS7 network. In the 
local exchange network, at least one of the switching offices 
110, and preferably all, are programmed to recognize iden- 
tified events or points in call (PICs). In response to a PIC, the 
switching office 110 triggers a Transaction Capabilities 
Applications Protocol (TCAP) query message through the 
signaling network to an Integrated Service Control Point 
(ISCP) 120 for instructions relating to AIN type services. 
Switching offices having the full PIC recognition and sig- 
naling capabilities are referred to as service switching points 
(SSPs). 

The ISCP 120 offers AIN routing control functionalities to 
customers of the local exchange carrier. For example, the 
ISCP includes an SCP database 122 containing customer 
profile records (CPRs) for controlling call processing in 
response to respective triggers. The ISCP 120 may also 
access a separate database, for example, to supplement its 
routing tables for certain services. In the preferred system, a 
second function of the ISCP is to serve as a mediation point. 
Specifically, the ISCP 120 mediates queries and responses 
between the local exchange carrier network components and 
databases operated by other carriers. 

The ISCP 120 is an integrated system, and includes a 
Service Management System (SMS) 124, a Data and 
Reporting System (DRS) 126, and the database referred to 
as a Service Control Point (SCP) 122. The ISCP also 
typically includes a terminal subsystem referred to as a 
Service Creation Environment or SCE 128 for programming 
the database in the SCP for the services subscribed to by 
each individual business customer. The components of the 
ISCP are connected by an internal, high-speed data network, 
such as a token ring network 130. 

The switches 110 typically comprise programmable digi- 
tal switches with common channel interoffice signaling 
(CCIS) communications capabilities. One example of such 
a switch is a 5ESS type switch manufactured by AT&T, 
although other vendors, such as Northern Telecom and 
Seimens, manufacture comparable digital switches which 
could serve as the SSPs and SPs. The SSP type implemen- 
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tation of such switches differs from the SP type implemen- translation information retrieved from disc storage 463 

tation of such switches in that the SSP switch includes together with routing information and any temporary infor- 

additional software to recognize the full set of AIN triggers mation needed for processing the call. For example, for a 

and launch appropriate queries. switch based Centrex type service, the call store 467 would 

FIG. 3 is a simplified block diagram of an electronic s receive and store extCQS i° n number translation ^formation 

program controlled switch which may be used as any one of fo ' ^ baS3Des ^ l °^ mer corresponding to an off-hook line 

meSSPtypeCOsmthe S ystcmofFIG.2.Asillustrated,the mi ' iatm ? a C f ™ e F"*™ St0re * 6 9 store * program 

„ - - y , * ; ™ " j ' . mstructions which direct operations of the computer serving 

CO switch includes a number of different types of modules. „ t . n , ™ ^™ 

. - . .„ A A , . , . t , Jr , A _ 1 as the administrative module processor. 

In particular, the illustrated switch includes interface mod- D*f™«„ frt ~ „ r - f , ■ Q , « av „ Un - 

i^ei/ * i_ \ m Referring to FIG. 2, within the local exchange network, 

ules 451 (only two of which are shown) a communications 10 ^ CQS Qne Qr more * 

module 453, and an administrative module 455. Pomts (sm) U6 and daU lfnks shown as d( f tted lincs 

The interface modules 451 each include a number of between the STP 116 and the switching offices 110. 

interface units 0 to n. The interface units terminate lines Typically, STPs 116 are implemented as matching or mated 

from subscribers' stations, trunks, Tl carrier facilities, etc. pairs, to provide a high level of redundancy. A full descrip- 

Where the interfaced circuit is analog, for example a sub- 15 tion of such paired STPs is found in Eugene M. Pester III 

scriber loop, the interface unit will provide analog to digital U.S. Pat. No. 5,475,732, issued Dec. 12, 1995, entitled 

conversion and digital to analog conversion. Alternatively, Common Channel Signaling Network Maintenance and 

the lines or trunks may use digital protocols such as Tl or Testing. A data link also connects each of the STPs of pair 

ISDN. Each interface module 451 also includes a digital 116 10 lhe ISCP 120 0ne or more data links also connect the 

service unit (not shown) which is used to generate call 20 STPs 116 in the local exchange carrier network to mated 

progress tones P^ rs °^ ^TPs ^ ^w 01 ^ °f a second carrier (not shown). 

Each interface module 451 includes, in addition to the ™ e lo ? a t 1 ° xcha "S e c . a ™ r , net ™ * m fi ay iJ?° 0ne 

noted interface units, a duplex microprocessor based module or . more ™ lt11i f nt Petals (IPs) 118. The IP 118 pro- 

. « * < * . i . • . u r « vides enhanced announcement, digit collection, speech 

controller and a duplex time slot interchange referred to as ^ n[ti and/or other capabilitics * s i ater described. The 

a TSI in the drawing Digital words representative of voice Tp ug to the switch no of lhe local exchange 

information are transferred in two directions between inter- carrier network via m appropriatc ^ circuit capable of 

face units via the time slot interchange (intramodule call carrying both voice and data. The IP 118 also communicates 

connections) or transmitted in two directions through the with me ISCP 12 o through a data communication network 

network control and timing links to the time multiplexed 3Q i 32 separate from the telephone company switching offices 

switch 457 and thence to another interface module and associated interoffice signaling network. The data com- 

(intermodule call connection). munication network 132 is preferably a packet switched 

The communication module 453 includes the time mul- network that serves as a signaling network enabling com- 
tiplexed switch 457 and a message switch 459. The time munications between AIN elements including the IP and the 
multiplexed switch 457 provides time division transfer of 35 ISCP. The network 132 transports messages using a stan- 
digital voice data packets between voice channels of the dardized transport protocol, such as TCP/IP, or a generic 
interface modules 451 and transfers data messages between data interface (GDI), and may be implemented using X.25, 
the interface modules. The message switch 459 interfaces frame relay, SMDS, or ATM technologies, 
the administrative module 455 to the time multiplexed fig. 4 illustrates a first, preferred embodiment f the IP 
switch 457, so as to provide a route through the time 40 used in the network of FIG. 2. In this implementation, the IP 
multiplexed switch permitting two-way transfer of control ^ consist of ^0 or more general purpose computers 
related messages between the interface modules 451 and the 1101A, 1101B, such as IBM RS-6000's. Each general pur- 
administrative module 455. In addition, the message switch pose computer will include a digital voice processing card 
459 terminates special data links, for example a link for f or sending and receiving speech and other audio frequency 
receiving a synchronization carrier used to maintain digital 45 signals, such as an IBM D-talk 600. Each voice processing 
synchronism. card ^ connect to a voice server card 1103A or 1103B 

The administrative module 455 includes an administrative which provides the actual interface to Tl or primary rate 
module processor 461, which is a computer equipped with interface ISDN trunks to the SSP type switching office. The 
disc storage 463, for overall control of CO operations. The plurality of computers may have associated dedicated disk 
administrative module processor 461 communicates with 50 storage 1105A, 1105B, and the IP will included a shared disk 
the interface modules 451 through the communication mod- memory 1107. Each computer will also include an interface 
ule 455. The administrative module 455 also includes one or card for providing two-way communications over an inter- 
more input/output (I/O) processors 465 providing interfaces nal data.communications system, an Ethernet type local area, 
to terminal devices for technicians such as shown at 466 in network 1109. The Ethernet carries communications 
the drawing and data links to operations systems for traffic, 55 between the individual computers and between the comput- 
billing, maintenance data, etc. A CCIS terminal 473 and an ers and a router which provides an interconnection to the 
associated data unit 471 provide a signaling link between the second signaling communications network going to the 
administrative module processor 461 and an SS7 network ISCP. The IP may also include another general purpose 
connection to an STP or the like (see FIG. 2), for facilitating computer 1115 configured as a terminal subsystem, for use 
call processing signal communications with other CO's and 60 as a maintenance and operations center (MOC) and provid- 
with the ISCP 440. ing operations personnel access to the IP. The number of 

As illustrated in FIG. 3, the administrative module 455 processors provided in the IP and the number of voice 

also includes a call store 467 and a program store 469. servers will depend on project service demands. One addi- 

Although shown as separate elements for convenience, these tional processor and associated voice server will be provided 

are typically implemented as memory elements within the 65 as a backup, 

computer serving as the administrative module processor Each general purpose computer 1101A, 1101 B will run a 

461, For each call in progress, the call store 467 stores node manager, an IP/ISCP Interface program, appropriate 
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voice processing software and a variety of application providing a calling customer's individual service. For 

software modules to offer the proposed services of the IP. example, if the subscriber has some form of speech recog- 

The central administrator or "Node Manager** program nition service, the call would be routed to the speech 

module, running on each computer, will monitor and control recognition module 1205. If the subscriber has a voice mail 

the various IP resources and operations. 5 service, however, the ISCP would instruct the SSP to route 

rp« j * ** i • i j • » j a the call to one of the lines going to one of the voice server 

The digital voice processing card and associated software A . ,^ MA nniu £u a i haia nniD 

t. i_ *i_ • u i_m- modules 1203A, 1203B. The module 1203A, or 1203B 

will provide speech synthesis, speech recognition capabih- u • » • • * a. ■ *i 

j rvTn * . • i \- c • t~ r would receive outgoing voice messages from the voice mail 

UesandDTMFtonesignalreoepUon.forusewa^mberof server um for transmission to the caller. The module 

different applications. The speech synthes* and DTMF tone 12ft3A of 1203B woul(J decode DTMF gi k and j 

signal reception, ^for example ^replace Uie announcement 10 e ^ tQ ^ voice mafl se for 

and digit colkction functions of the SSP switches m various ^ moduk 12Q3A Qr 1203B wouW ^ fonnat 

ejostrng AIN services The general purpose computers and yoice m ^ f<K itmalissiM over mtemal 

associated circuits will also run a variety of other types of network 6 1210 anQ stor „ ^ ^9. 

service program modules, lor example a voice mail server A j. J , . -,. . #. . 

„ , , f, ^ -i *, , 1t According to one preferred embodiment of the invention 

module and/or a fax mail server module. 15 __, & • . 

the IPs may communicate with the ISCP using a proprietary 

FIG 5 illustrates an alternate embodiment of an IP which protocol +m9 developed for me project described in U.S. 
may be used in the network of FIG. 2. The alternate Pat . Na 5,572,583, issued Nov. 5, 1996, to Wheeler and 
architecture utilizes separate modules for different types of Farris> enlitled Advanced intelligent Network With Intelli- 
services or functions, for example, one or two Direct Talk gent p er i ph erals Interfaced to the Integrated Services Con- 
type voice server modules 1203A, 1203B for interfacing the ^ Point> aQd t0 me assignee of the 
trunk to the SSP, a separate module 1205 for speech application, the IP will query ISCP in response to a call. As 
recognition, a server module 1209 for voice mail, and ^ be described in further detail, during a call a trigger 
another server 1207 for fax mail services, etc. The various cvent occurs ^ ssp ihcTCUpon querics ^ ISCR The ISCP 
modules communicate with one another via an data com- resp0 nds by instructing the SSP to route the call to the IP, 
mumcation system 1210, which again may be an Ethernet using standard TCA P protocol messages. Substantially 
type local area network. simultaneously the ISCP uses the +1129 protocol on the 

The Direct Talk modules 1203A, 1203B provide voice second signaling network to send to the IP, one or a sequence 

message transmission and dialed digit collection of instructions as to how to process the particular call which 

capabih ties, as in the earlier embodiment. The modules 3Q is sent by the SSP. 

1203A, 1203B also provide line interfaces for communica- ^ an alternative or in addition to the +1129 protocol, 

tions to and from those servers which do not incorporate line communications between the IP and the ISCP may utilize 

interfaces. For example, for facsimile mail, the Direct Talk generic data interface (GDI). The GDI command set is 

module connected to a call would demodulate incoming data simpler and more generic, and the commands can carry more 

and convert the data to a digital format compatible with the 35 data. Also, the ISCP can initiate communications using GDI. 

internal data communication network 1210. The data would This permits a wider variety of routing and processing 

then be transferred over network 1210 to the fax server routines. In response to a triggering event, the SSP would 

1207. For outgoing facsimile transmission, the server 1207 aga i n receive instructions to route a call in progress to the IP. 

would transfer the data to one of the Direct Talk modules However, rather than waiting for a subsequent query from 

over the network 1210. The Direct Talk module would 4Q the IP, while the SSP is routing the call the ISCP may instruct 

reformat and/or modulate the data as appropriate for trans- the IP to prepare to receive a call on a particular circuit and 

mission over the ISDN link to the SSP. The Direct Talk may forward additional call specific information. For 

modules provide a similar interface function for the other example, for a call which might require speech recognition 

servers, such as the voice mail server 1209. processing, the ISCP would instruct the IP to retrieve 

The illustrated IP also includes a communication server 45 appropriate recognition templates from memory. Other pro- 

1213. The communication server 1213 connects between the tocols could be used to permit either the ISCP or the IP to 

data communication system 1210 and the router 1211 which initiate communications. 

provides communications access to the second signaling Referring to FIG. 2, the end office switching system 110 

communication system and the ISCP 40 and other IPs which normally responds to a service request on a local commu- 

connect to that signaling communication system. The com- 50 nication line connected thereto, for example an off-hook 

munication server 1213 controls communications between from station X followed by dialed digit information, to 

the modules within the IP and the second signaling com- selectively connect the requesting line to another selected 

munication system. local communication hne, for example Jo the line to station 

In each of the proposed architectures, the SSP switch Z. The connection can be made locally through only the 

would route calls to the different elements of the IP in 55 connected end office switching system U0A but typically 

response to instructions from the ISCP. In the initial imple- will go through a number of switching systems, 

mentation using general purpose computers, each of which In the normal call processing, the central office switching 

offers all service functionalities, the decision to route to a system 110 responds to an off-hook and receives dialed 

particular one of the computers would be a resource digits from the calling station. The central office switching 

availability/allocation decision. If necessary data can be 60 system analyzes the received digits to determine if the call 

exchanged between the computers via the internal data is local or not. If the called station is local and the call can 

communications network, e.g., if a message for a particular be completed through the one central office (intraoffice call), 

subscriber's service is stored in the disc memory associated e.g., from calling station X to called station Z via the central 

with one computer but the other computer is actually pro- office 11 OA, the central office switching system connects the 

cessing the call. In the second implementation (FIG. 6), 65 calling station to the called station. If, however, the called 

however, the ISCP would instruct the SSP to route the call station is not local, e.g., from calling station Y to called 

to the particular line to the specific module capable of station Z, the call must be completed through one or more 
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distant central offices (interoffice call), and further process- 
ing is necessary. If at this point the call were connected 
serially through the trunks and appropriate central offices 
between the caller and the called party using in-band 
signaling, the trunks would be engaged before a determina- 
tion is made that the called line is available or busy. 
Particularly if the called line is busy, this would unneces- 
sarily tie up limited voice trunk circuit capacity. The CCIS 
system through the STPs was developed to alleviate this 
problem. 

In the CCIS type call processing method, the originating 
end office switching system suspends the call and sends a 
message through the CCIS network to the end office switch- 
ing system serving the destination telephone line. The ter- 
minating end office determines whether or not the called 
station is busy. If the called station is busy, the terminating 
end office so informs the originating end office via CCIS 
message, and the originating end office provides a busy 
signal to the calling station. If the called station is not busy, 
the terminating end office so informs the originating end 
office. The originating office provides ringback to the caller, 
and the terminating office applies ringing current to the line 
to the called party. When the telephone station connected to 
the called line goes off-hook, the terminating switching 
office informs the originating switching office, and the two 
offices establish a telephone connection via the trunks and 
end offices (and/or tandem offices) of the network between 
the calling and called stations. 

For an AIN type service, such as call redirection based on 
data stored in the IS CP 120, the end offices and/or tandems 
are SSP capable and detect one of a number of call process- 
ing events, each identified as a "point in call" (PIC), to 
trigger AIN type processing. Specifically, in response to 
such a PIC, a switching system such as switch 110 suspends 
call processing, compiles a call data message, also referred 
to as a TCAP query message, and forwards that message via 
common channel interoffice signaling (CCIS) links and one 
or more STPs 116 to an ISCP 120. If needed, the ISCP 120 
can instruct the particular switching office to obtain and 
forward additional information. Once sufficient information 
has reached the ISCP 120, the ISCP 120 accesses its stored 
data tables and or data in external databases to translate the 
received data into a call control message and returns the call 
control message to the switching office via the STP 116 and 
the appropriate CCIS links. The switching office 110 uses 
the call control message to complete the particular call 
through the public switched network in the manner specified 
by the subscriber's data file in the ISCP 120. 

Referring to FIG. 1, the business establishment termina- 
tions of the lines or trunks 14 and 16 are connected to PBXs 
or PABXs 26 and 28 at the sites A and B, respectively. These 
PBXs serve the internal telephone stations 30A, B, and C, 
and 32A, B, and C, respectively to provide both internal and 
external telephone service to the sites A and B. Each PBX is 
provided with an attendants station 34 and 36. 

The sites A and B (and any other sites in the business 
establishment) are also connected by a local area network 
LAN 38. The LAN 38 is connected to the respective PBXs 
through LAN interface cards or units 40 and 42. The LAN 
cards provide a two-way data interface compatible with the 
particular LAN 38, for example a 10 baseT Ethernet LAN. 
The LAN card transmits and receives addressable messages 
over the LAN 38 for communication with other devices on 
the LAN. The addressing conforms to the media access 
control (MAC) functionality of the particular LAN protocol. 

FIG. 1 shows the LAN also connected to PCs or work 
stations 44A and B, and 46A and B, respectively. The 
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various PCs or work stations include processors, memories, 
various disc drives, etc. Each of the PCs also includes a 
display or monitor, a keyboard, and possibly one or more 
additional user input devices (not shown) such as a mouse, 
joystick or track ball. Typically, the software running on the 
PCs includes an operating system, such as Windows ' 95, and 
a series of compatible applications programs running under 
the operating system. The software preferably implements a 
graphical user interface, including a user interface for com- 
munications through the public packet data network or 
Internet 48. 

The PCs or work stations are provided with access to the 
Internet by an Internet access server 50 which may be 
connected to an Internet router (not shown) via a Tl or 
higher capacity line 51. The server 50 may be equipped and 
programmed to act as a firewall for the PC or work station 
traffic. 

The LAN 38 may use any appropriate local data commu- 
nication network technology. For example, the network may 
be fiber or wire. The network 38 may be a local ATM 
(Asynchronous Transfer Mode) network or a token ring, etc. 
The LAN also carries normal data communications between 
PCs such as 44 and 46 and any other data devices coupled 
to the LAN, such as the Internet 48. 

One or more of the PCs or work stations 44 and 46 may 
also have voice communication capabilities. Such PCs 
would include a microphone and one or more speakers. 
These PCs also include analog to digital and digital to analog 
converters, and the CPUs in such PCs run software for 
compression and decompression of digitized audio 
(typically voice) information. The software also processes 
the audio information for transmission and reception of the 
compressed digital information in IP packets and using the 
appropriate protocol, for communication with the respective 
access server, such as the access server 50 in FIG. 1. 

PCs having voice communication capabilities can con- 
duct two-way, real-time audio communications with each 
other, in a manner directly analogous to a two-way telephone 
conversation. However, the actual signals exchanged 
between two such terminal devices go through the public 
packet data network 48 and the appropriate access server 50. 
In this manner the appropriately equipped PCs in the busi- 
ness establishment 10 may communicate by telephone with 
distant similarly equipped PCs (not shown). Typically, such 
communications at least bypass long distance interexchange 
carriers. If both communicating PCs connect to the Internet 
via a LAN or other data network, the audio communications 
may not utilize any public telephone network. On the other 
hand, individual residence premised PC users usually rely 
on dial-up connection to an ISP connected to the PSTN. 

The public packet data network or Internet 48 also con- 
nects to a number of PSTN gateways or servers in different 
service areas. Thus a PSTN gateway 54 connects to one or 
more central offices 56 of the public switched telephone 
network in the region where the gateway 54 is located. In 
similar fashion one or more ISP gateways 58 is shown 
connected from an Internet router (not shown) in the Internet 
48 to one or more central offices 60 in the PSTN 12. Calls 
through the network to and from such gateways typically 
bypass long distance interexchange carriers and may utilize 
a data network connection to a PC at one end of the call, as 
in the example of the PCs in the business establishment 10. 
The PCs having voice communication capabilities may send 
and receive telephone calls via the public switched tele- 
phone network 12 and one of the gateways 54 and 58 to 
persons using standard telephones 62A, B, and C connected 
to an end office CO in the PSTN 12. 
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Such gateways as 54 and 58 will connect to the CO, comprising each numeric IP address. In addition numeric IP 

typically utilizing one or more primary rate interface (PRI) addresses occasionally change or some systems temporarily 

type integrated services digital network (ISDN) line groups assign IP addresses to active devices, making it even more 

or a combination of one or more Tl circuits and a Simplified D f a problem for people to keep track of them. To facilitate 

Message Desk Interface (SMDI) type signaling circuit. The 5 person to person communications, however, people can 

line circuits provide digital line interconnections of the address each other using easier to remember names. In 

gateway to the central office . The D channel of the PRI or the relation to the present invention these names are preferably 

SMDI link carries a variety signaling back and forth textual domain names or telephone number based domain 

between the PSTN gateway and the CO. For example, on an names A domain name setwf p NS) , em 51 tiaBsl ^ s 

incoming call from one of the COs 56 or 60 to one of the J(J ^ names imo actual ^ addresses . 

gateways 54 or 58, the signaling would include the calling . , . A . . _ . . , 

.Li- ..j ji.i^i Ltj..*™ *«t. An example of a textual Domain Name is 

P Z dialed destniatton digHs. BUBMI@HUTMB.COM. Each of the names separated by 

The PSTN gateway 54 includes one or more computers a ^ ^ caUcd a domain ^ si of each of , he 

for processing mdividual calls. The computers include ^ ^ Kyt{st o£ ^ of ^ aumeric , p address , n 

appropriate line interfaces for answering incoming calk and ]5 me mmetic Jp add ^ most si ^ cm numbers were 

initiating outgoing calls over the particular type of line Qn ^ kfl ^ ^ ^ si ^ &cial on me ri ^ t , ^ textuar 

circuits. The interfaces also receive and decode standard Domain Name System begins ^ me least significant on 

signahng messages from he PSTN, e.g. DTMF dialing ^ kft ^ eedg to ^ mQSt si ai&cinl 0D ^ ri ^ ti ^ 

signals and/or D channel ISDN signaling. The interfaces e le of a telephone number based Domain Name is 

also detect line status and call progress signals on incoming 20 «30i.608-29O8(a>onone" 

and outgoing calls, either as in-band tone signals or as D „ , „ , . 

channel messages. Each of the computers in the gateway 54 . Th « to P- level d ° maiQS > those of «"» most S eneral 

r . T - • j- • i c *u significance, are as follows: 

runs software to compress incoming audio signals from the & ' 

PSTN in a standardized format and decompress digital audio COM— A commercial operation. 

signals in that format received via the public packet data ^ 2. EDU— A university, college or other educational insti- 

network or Internet 48, for transmission over the PSTN. The tution. 

computers) also perform the two-way protocol processing 3. GOV — A government organization, 

to send and receive compressed, digitized voice data in 4. MIL — A military site. 

TCP/IP packet form over the network 48. Copending com- 5, ORG— Any organization that does not fit into any of 

monly assigned application Ser. No. 08/634,543 filed Apr. 30 the preceding. 

18, 1996 describes several implementations of "Internet 5 \ network. 

Modules" which may serve as alternate embodiments of the Thcic are now two -letter domains, each denoting a dif- 

PSTN gateways 54 and 58. f erent country, which are atop the above original domain 

Communications via the public packet data network or names. An address ending in "COM.AU," for example, 
Internet 48, utilize IP protocol addressing. It may be helpful 35 would be a commercial operation in Australia. Over a 
in understanding later discussed call processing examples to hundred different countries are now connected to the Inter- 
take a moment here to review the fundamentals of IP ne t S o the list of two-letter country codes is long and getting 
addressing. Each IP address comprises a series of four longer. Computers or servers associated with the Internet 
numbers separated by dots. An example of an IP address convert textual domain names into numeric IP addresses, 
would be 164.109.211.237. Each machine on the Internet 40 i n the example illustrated in FIG. 1, the domain name 
has a unique number permanently or temporarily assigned to server 52 translates domain names into numeric IP addresses 
it which constitutes one of these four numbers. In the IP in response to requests from calling terminals. FIG. 1 depicts 
address, the leftmost number has the greatest weight. By a single domain name server 52, and the discussion herein 
analogy this would correspond to the ZIP code in a mailing concentrates on a single server implementation for ease of 
address. At times the first two numbers constitute this 45 explanation. In an actual, large scale deployment, the 
portion of the address indicating a network or a locale.. That domain name server system would comprise a number of 
network is connected to the last router in the transport path. server systems 52 in a hierarchical arrangement. Each 
In differentiating between two computers in the same des- domain name server 52 would serve a region or segment of 
tination network only the last number field changes. In such the public packet data network 48 and would provide 
an example the next number field 211 identifies the desti- 50 translations and processing of names corresponding to 
nation router. addresses residing within the segment served. Any computer 

When a packet bearing a destination address leaves a or PC on the segment requesting translation would first 

source router, the router examines the first two numbers in query the domain name server system 52 serving that 

a matrix table to determine how many hops are the minimum segment. If the domain name was not one associated with 

to get to the destination. It then sends the packet to the next 55 the server, the domain name server 52 would communicate 

router as determined from that table, and the procedure is through the hierarchy of such servers to relay the query to 

repeated. Each router has a database table that finds the the appropriate server for processing; and after processing, 

information automatically. This continues until the packet that server would provide the destination address and any 

arrives at the destination computer. The separate packets that associated information in the reply back to the querying 

constitute a message may not travel the same path depending 6Q device. Also, each domain name server 52 in a given area 

on traffic load. However, they all reach the same destination could be duplicated, for redundancy, 

and are assembled in their original order in a connectionless There is now described a typical Internet telephone call 

fashion. This is in contrast to connection oriented routing from an outside telephone to the internal telephone of an 

modes, such as frame relay and asynchronous transfer mode employee of the business establishment 10. 

(ATM) or voice. 65 An external caller at telephone 62A in a distant city has 

It would be difficult for most people to remember the four been invited by an employee of the business * establishment 

separate numbers (sometimes having ten or more digits) 10 to call him using the Internet telephony capability that the 
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business provides. The external caller has been further told The access gateway 66 responds to this connection by 

by the employee that in order to complete an Internet requesting that the end office CO 64 (or the IP) send to the 

telephone call to him at his desk from a telephone connected caller a prerecorded prompt to send the telephone DID 

to the PSTN, she is to dial the prefix WW which has been number of the party (or terminal) that the caller is attempting 

established by the PSTN as a prefix to be used to dial an s to reach. This is accomplished either by DTMF signaling or 

Internet call. ... by voice and the voice recognition capability in the Intelli- 

The potential caller has been additionally instructed to use genl Peripheral (IP) platform in the PSTN. The caller sends 

that prefix and the number IOT-123-4567 as a number which ^ rcqucstcd number to thc acccss gateway 66 via me PSTO 

will estabhsh a connection through the Internet to the access u ^ me [nternet 48 The access 66 aJfi0 receiyes 

gateway 66 of the business establishment 10. The SSPs _ . jto - r u 

associated with the end office switches in the PSTO 12 have 10 ™ CCIS ™ d * * c . telephone number of the 

originating triggers set for that number. When the number P"* wl f h m ^ be obtained from AMI or caller ID 

INT-123-4567 is dialed, the trigger in the originating < or rec * uest to callm S party) The access gateway 66 

CO/SSP 64 suspends the call and sends a TCAP query thereupon commences its security function as is now 

message via one or more STPs to the ISCP. The ISCP explained. 

consults a database of translations for Internet calls and 15 system and methodology just described has resulted 
ascertains that the number INT-123-4567 identifies the in the initiation of two security measures to this point in the 
access gateway 66, and that the domain name of that procedure. Thus the employee first disclosed his DID 
gateway is * 703 -123-4567@p hone*. The database of trans- number, and second, the employee disclosed either the 
lations of INT prefixed telephone numbers to Internet Internet number INT-123-4567 and/or the domain name 
domain names may be maintained either in the ISCP or the 20 ' 703-1 23-4567@phone' for the access gateway to the busi- 
IP. ness establishment. These numbers have been used to con- 
As an alternative to the foregoing procedure, the nect to the access gateway 66 and the DID number has been 
employee may instruct the potential caller to use the 'INT 1 presented to the access gateway 66. 
prefix and then to follow the instructions which will be The architecture and operation of the access gateway 66 
provided by voice prompt. According to this embodiment 25 is now described. 

the employee also divulges to the potential caller the domain As shown in simplified form in FIG. 6, the access gateway 
name of the access gateway 66, namely, '703-123- 66 comprises a LAN server and router 55 interfacing 
45 67 @phone\ According to this variant procedure the ISCP, between the LAN and the Internet. The access gateway also 
in response to the prefix TNT', would set up a voice includes an address or security server 51. These two servers 
recognition session using the voice recognition capabilities 30 may have a common central processing unit (CPU), if 
of the IP. The IP may be signaled by the ISCP to initiate such desired. The address server 51 also includes a data storage 
a session with the caller. system 53 wherein there is stored a series of databases. This 
The IP thereupon transmits to the caller via a voice link data storage system may be either associated with or 
between the IP and the SSP/CO to which the caller is included in the server 51. As discussed more below, the 
connected, a voice prompt requesting the caller to spell the 35 databases include look-up tables for authentication of and/or 
domain name of the destination desired. The caller complies translations of names or numbers, and routing control 
with this request and the domain name £ 703-123- records for conditional as well as parallel processing of 
4567@phone' is temporarily stored by the IP. The IP or the requests for communication via the access gateway. 
ISCP thereupon sends the domain name via the CCIS FIG. 7 provides a simplified illustration of an example of 
network in the PSTN 12 to the end office CO 56 with 40 one possible organization of the software for the address 
instructions to establish a link to the access gateway 66 server 51, for implementing the security operations in 
which that domain name identifies. As an alternative to this accord with the present invention. The computer of the 
transmission of the domain name to the CO 56, the ISCP address server runs a standard operating system 71, such as 
could direct that a voice link from CO 64 to CO 56 be UNIX. The operating system facilitates execution of one or 
established at the outset, whereby the domain name is 45 more applications. One of the applications that will run on 
delivered from the IP via the voice link. the computer of the address server 51 is an address process- 
In its search the ISCP (or the IP) has further ascertained ing application 73. The address processing application 73 
from its database routing tables that the Internet gateway 54 includes executable code facilitating the actual processing, 
of the PSTN may be used to contact the access gateway 66 The executable code permits access to translation tables 77 
via a no-toll routing through the PSTN to the end office CO 50 and routing control records (RCRs) 81 stored in a database 
56. within the storage system portion of the address server 51. 

The availability of a dial-up connection from CO 56 to a The executable code of application 73 also triggers several 
line to the PSTN Internet gateway 54 is next established via communication routines 75, 79 and 83. 
the CCIS network. Assuming that the CCIS query shows that More specifically, when the computer of the address 
a line is available, connection is then made between the end 55 server 51 receives a "query" or request for translation or 
offices 64 and 56, and from end office 56 to the PSTN database look-up, the operating system 71 passes the request 
Internet gateway 54. The end office CO 56 thereupon sends from the LAN server and router interface 55, to the com- 
the domain name of the PSTN Internet gateway 54. The munication routine 75 of the application 73 running in the 
gateway 54 in turn sends the domain name to the domain server 51. The communication routine extracts the appro- 
name server or DNS 52 with a request for a domain name to 60 priate information from the query message, such as the 
IP address translation. The DNS 52 establishes the proper address or number of the requesting terminal device and the 
translation from its database (or a related hierarchical designation that the terminal device has identified for trans- 
database), and returns the numerical IP address of the access lation or look-up. 

gateway 66 to the PSTN Internet gateway 54. The Internet The address or designation processing application 73 can 

gateway or server 54 then uses this IP address and estab- 65 access a number of translation tables. Some of the tables will 

lishes a virtual Internet connection between the access translate addresses, numbers, or designations into immediate 

gateway 66 and the CO 64. connect commands from the server 51 to the LAN server and 
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router 55. One type of designation which would require 
access to this type of table is a DID number for a called party 
in the business establishment, for which the lowest level of 
security has been set. Other tables will translate designations 
such as DID numbers into identification of supplemental 5 
tables to be used to effectuate a higher security level. Such 
supplemental tables would contain additional requirements 
to be satisfied before a connect command is sent from the 
server 51 to the LAN server and router 55. One example of 
such an additional table would be a table of telephone 10 
numbers of authorized calling terminals for the particular 
DID number which is being called. Only after verification 
that the calling number is authorized would a connect 
command be sent from the server 51 to the LAN server and 
router 55. 15 

Certain translations will involve conditional analysis pro- 
cessing for at least some called numbers or addresses. In 
such a case the result of the translation will be to call up a 
communication routine 79 for transmission of a reply mes- 
sage to the calling terminal device that requested the trans- 20 
lation or look-up processing. The application 73 also pro- 
vides the address of that terminal device to the reply 
transmission routine 79. In response, the routine 79 will 
formulate an IP reply message containing the querying 
terminal device address as the destination address and 25 
containing the IP address produced by the translation pro- 
cess as message data. The reply transmission routine 79 
forwards the message through operating system 71 and the 
IP interface (LAN server and router) for transmission 
through the public packet data network 48 to the requesting 30 
terminal device. The requesting terminal device then 
responds using the provided IP address as a destination 
address and the response is again processed for authentica- 
tion by comparison with the content of the appropriate 
tables. The required response may be a PIN number, a name, 35 
a password, or the like. This routine may be repeated to any 
desired number of stages depending upon the degree of 
security desired for the called terminal on a called terminal 
by terminal basis. Upon satisfying all of the indicated 
requirements, the connect command is sent to the LAN 40 
server and router to initiate the desired communication, 

Parties (terminals) for whom such additional or condi- 
tional processing is established will store a routing control 
record (RCR) 81. For each calling terminal associated with 
such a called terminal, the translation tables 77 will store a 45 
pointer pointing to the routing control record (RCR) 81 that 
controls that called party's routing service to his or her 
called terminal in the business establishment. In operation, 
the address processing application 73 will receive a query in 
the manner discussed above. However, when the application 50 
accesses the translation table with the designation associated 
with a called party (terminal) having conditional analysis 
based service, the translation will return a pointer identify- 
ing the controlling RCR. The addressing processing appli- 
cation 73 then executes a conditional analysis routine uti- 55 
lizing the identified RCR 81. The conditional analyses 
defined by the RCRs vary considerably, depending on the 
customized routing service selected for each of the terminals 
in the business establishment. Several simple examples are 
described for convenience. 60 

In one exemplary form, the RCR specifies a set of 
conditions or criteria and two or more alternate destinations, 
depending on which criteria are satisfied by the current call 
or translation request query. For example, the RCR may 
specify alternate destination addresses for different times, or 65 
for different addresses of calling terminal that placed the call 
and thereby requested the translation. In these cases, the 
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address processing application 73 compares call or query 
related parameters to the criteria in the RCR 81 and obtains 
the destination address and processing procedure corre- 
sponding to the parameters of the current call or translation 
query. Here, the address may be an IP address, a MAC 
address, a telephone or terminal number, other routing 
information (e.g., telephone number) or a combination of an 
address plus some other routing information. 

The address or designation processing application 73 will 
supply the result from the RCR processing (address and/or 
other routing information) to the communication routine 79. 
The transmission reply routine transmits a reply message to 
the terminal device that requested the translation, in the 
manner discussed above. However, in this case, the reply 
message contains the IP address and/or other routing infor- 
mation obtained from the RCR processing. The requesting 
terminal device initiates the desired communication in the 
normal manner but using the address information and sat- 
isfying the protection routine obtained as a result of the 
conditional analysis. In this manner, the communication 
ultimately goes to the destination selected by the called party 
who established the customized routing service and the 
corresponding RCR in the domain name server 51. 

The conditional processing by the address server 51 will 
support a wide array of selective routing services, such as 
routing to different destinations at different times, routing to 
an alternate destination if a primary destination is inactive, 
follow-me type service, etc. The procedure permits a com- 
pany using the system to require callers to create a desig- 
nated voice recognition template in order to qualify for 
subsequent use of the Internet telephony connection which 
is offered. The methodology also may be programmed to 
flag and initiate fraud investigations. 

In the embodiment of the invention shown in FIG. 1 using 
PBX distribution, satisfaction of the security procedures is 
followed by connect command and the DID telephone 
number of the called party is then transmitted via the access 
gateway 66 to the PBX. The PBX uses the telephone number 
to ring the desk of the called employee and, if the employee 
goes off-hook, the call is completed from the calling to the 
called party through the Internet. In the alternate embodi- 
ment such as illustrated in FIG. 8 the address which is 
delivered to effect the connection would be the LAN address 
for the called terminal. 

It will be readily seen by one of ordinary skill in the art 
that the present invention fulfills all of the objects set forth 
above. After reading the foregoing specification, one of 
ordinary skill will be able to effect various changes, substi- 
tutions of equivalents and various other aspects of the 
invention as broadly disclosed herein. It is therefore 
intended that the protection granted hereon be limited only 
by the definition contained in the appended claims and 
equivalents thereof. 

What is claimed is: 

1. A method of telephony communication via a public 
packet switched data network from a first terminal to a 
second terminal connected to a local area network compris- 
ing the steps of: 

a) initiating from said first terminal a first address signal; 

b) translating said first address signal to a second address 
signal to effect a fink to a first interface to said public 
data switched network; 

c) establishing a virtual link through said public data 
switched network to a second interface to said public 
data switched network; 

d) establishing a packet data link from said second 
interface to said public data switched network to an 
access gateway to said local area network; 
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e) transmitting from said second interface to said public 
packet switched data network to said access gateway a 
designation including information initiated by said first 
terminal, which information includes identification of 
said second terminal; 5 

f) comparing the information provided by said first ter- 
minal with a storage of information maintained by said 
access gateway which includes information relating to 
said second terminal; 

g) upon establishing a match between at least certain of 10 
said information provided by said first terminal and 
information stored in said storage relating to said 
second terminal, linking said first terminal to said 
second terminal through said public packet switched 
data network and said access gateway and said local 15 
area network for interactive voice telephony commu- 
nication between said first and second stations. 

2. A method according to claim 1 wherein said first and 
second terminals are telephone terminals. 

3. A method according to claim 2 including the step of 20 
connecting said local area network to said second terminal 
through a private branch exchange switching system. 

4. A method according to claim 2 including the step of 
connecting said second terminal direct to said local area 
network. 

5. A method according to claim 1 including the step of 
connecting said first terminal to said first interface of said 
public data switched network through a switched telephone 
network. 

6. A method according to claim 1 including the step of 
connecting said first terminal to said first interface of said 
public data switched network through a switched telephone 
network and a telephony to packet data server connected to 
said first interface to said public packet switched data 
network, 

7. A method according to claim 6 wherein said public 
packet switched data network is the Internet, and said first 
and second terminals are telephone terminals, and said 
information initiated by said first terminal includes identi- 
fication of the domain name of said access gateway. 

8. A method according to claim 7 including the step of 
identifying said domain name in said information initiated 
by said first station through voice recognition. 

9. A method according to claim 6 wherein said public 
packet switched data network comprises the Internet, and 
said first and second terminals are telephone terminals, and 
said information initiated by said first terminal includes 
identification of the domain name of said access gateway 
and a direct inward dial number for said second terminal. 

10. A method of telephony communication via a public 
packet switched data network from a first telephone terminal 
connected to a public switched telecommunications network 
to a second telephone terminal connected to a local area 
network connected to a plurality of telephone terminals for 
interactive voice providing voice communication 
therebetween, said local area network being connected to an 
access gateway comprising the steps of: 

a) dialing from said first terminal a predetermined desig- 
nation for said access gateway to attempt to establish a 
telephony link with said second telephone terminal; 

b) responsive to said dialing of said predetermined des- 
ignation establishing a link from said public switched 
telecommunications network to a telephony to packet 
data server and from said data server to a first interface 
to said public packet switched data network; 

c) establishing a link from said first interface to said 
public packet data switched network through said net- 
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work to a second interface to said public packet data 
switched network and from said second interface to 
said access gateway; 

d) pre-storing in data storage in said access gateway tables 
of access data and processing routines; 

e) receiving at said access gateway data provided by said 
first telephone terminal including an address identify- 
ing said second telephone terminal; 

f) comparing said data provided by said first telephone 
terminal with data in said access gateway tables using 
at least one of said processing routines; and 

g) upon identifying a match between at least certain of 
said data provided by said first telephone terminal with 
said pre -stored data, processing said attempt to estab- 
lish a telephony link with said second telephone ter- 
minal by establishing a link from said access gateway 
through said local area network to one of said plurality 
of telephone terminals connected to said local area 
network, the identity of said one of said plurality of 
terminals depending upon the outcome of processing 
indicated by the correspondence of data provided by 
said first telephone station with data pre-stored in said 
storage and conditions established in said processing 
routines. 

11. A method according to claim 10 wherein said public 
packet switched data network comprises the Internet, 

12. A method according to claim 11 including obtaining 
said information from said first telephone terminal by inter- 
active voice prompt and voice recognition dialog. 

13. A method according to claim 12 wherein said infor- 
mation includes identification of an address for said access 
gateway. 

14. A method according to claim 13 wherein said infor- 
mation also includes a direct inward dial number for said 
second telephone terminal. 

15. A method according to claim 13 wherein said identi- 
fication of an address for said access gateway comprises the 
domain name of said access gateway. 

16. A hybrid telephony communication system compris- 
ing: 

a switched telecommunications network including inter- 
connected switching systems serving telephone termi- 
nals and having a separate packet switched control 
network which includes a controller and signal transfer 
points and service switching points associated with said 
switching systems; 

a public packet switched data network having router 
interfaces; 

a packet network server connected between one or more 

of said switching systems and one or more of said 

router interfaces; 
a local area network providing communication between a 

plurality of telephone terminals associated therewith; 
an access gateway connected between said local area 

network and one or more of said router interfaces; and 
security storage associated with said access gateway and 

having stored therein data relating to at least certain of 

said plurality of telephone terminals associated with 

said local area network; 
said access gateway including a processor selectively 

running application routines associated with certain of 

said plurality of terminals and said data stored in said 

security storage, wherein; 

a caller using one of said telephone terminals served by 
said switching systems establishes telephonic com- 
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munication with one of said plurality of terminals suspension of the call, accessing said controller, signaling 

associated with said local area network by a link between said controller and said intelligent peripheral 

through said telecommunications network and said platform, and voice communication between said intelligent 

packet network server and said public packet peripheral platform and said caller, 

switched data network and said access gateway and 5 20. A communication system according to claim 19 

said local area network after inputting information wherein said public packet switched data network comprises 

corresponding to data in said security storage and the Internet. 

satisfying criteria imposed by said processor running 21. A communication system according to claim 16 
an application routine associated with the telephone including a private branch exchange switching system con- 
terminal with which said caller using one of said 10 necting said plurality of terminals to said local area network, 
telephone terminals served by said switching sys- 22. A communication system according to claim 21 
terns establishes telephonic communication. including a separate connection of said private branch 

17. A communication system according to claim 16 exchange switching system to one of said switching systems 
including an intelligent peripheral platform associated with in said switched telecommunications network. 

said control network and having voice prompt and voice 15 23. A communication system according to claim 22 

recognition capability, said intelligent peripheral platform including computers connected to said local area network, 

obtaining at least certain of said information inputted by said and a local area network to packet switched data network 

caller using one of said telephone terminals served by said server connected between said local area network and one or 

switching systems. more of said router interfaces to said packet switched data 

18. A communication system according to claim 17 20 network. 

wherein said intelligent peripheral platform is connected to 24. A communication system according to claim 23 

said controller via a data link. wherein said local area network to packet switched data 

19. A communication system according to claim 18 network server blocks telephony communication signals, 
wherein said telephonic communication which is established 

is initiated by said caller dialing a number which causes ***** 
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